MXPA98010832A - Effective use of dialed digits in call origination - Google Patents

Effective use of dialed digits in call origination

Info

Publication number
MXPA98010832A
Authority
MX
Mexico
Prior art keywords
handset
telephone number
authentication code
network
dialed
Application number
MXPA/A/1998/010832A
Other languages
Spanish (es)
Inventor
Patel Sarvar
Original Assignee
Lucent Technologies Inc
Application filed by Lucent Technologies Inc

Abstract

The present invention reinforces authentication protocols by making it more difficult for handset impostors to perform call origination using replay attacks. The present invention achieves this goal by using the most significant digits of the dialed telephone number as a parameter for determining authentication codes. Using the most significant digits makes it more difficult for impostors to successfully use replay attacks on call origination, where the replay attacks involve appending digits to the telephone number to be dialed.

Description

EFFECTIVE USE OF DIALED DIGITS IN CALL ORIGINATION
FIELD OF THE INVENTION
This invention relates in general to wireless communication systems and in particular to authentication protocols.
BACKGROUND OF THE INVENTION
The wireless communications industry loses hundreds of millions of dollars a year to fraud. Much of the fraud comes from handset or mobile telephone impostors (e.g., unauthorized subscribers or users of wireless communications networks) using user identity information associated with legitimate handsets or mobile telephones (e.g., authorized subscribers or users of wireless communications networks), such as mobile identification numbers (MIN) and/or electronic serial numbers (ESN), to gain system access to wireless communications networks. Many different techniques have been developed to reduce wireless communications fraud. These techniques include authentication protocols to verify whether a requesting handset or mobile telephone (i.e., a handset seeking system access) is a legitimate handset or mobile telephone.
Authentication protocols generally involve a handset transmitting an authentication code to a wireless communications network. The authentication code is a secret key associated with the handset and is used by the network to authenticate or verify whether the handset is a legitimate handset. The authentication code is either known to both the handset and the network, or can be determined independently by the handset and the network. If the handset's authentication code (i.e., the authentication code transmitted by the handset) does not match the network's authentication code for the handset (i.e., the authentication code known or determined by the network to be associated with the handset), the handset is not authenticated and will be denied system access to the wireless communications network. If the handset's authentication code matches the network's authentication code for the handset, the handset is authenticated and will be granted system access to perform system access functions, such as registration, page response and call origination.
The background of the present invention is described below with reference to the well-known IS-41 standard, which is the North American standard for intersystem signaling for wireless communications networks. However, this should not be considered as limiting the present invention in any way. The IS-41 standard defines authentication protocols that use a cryptographic function known as the Cellular Authentication and Voice Encryption (CAVE) algorithm to determine an authentication code. Figure 1 is an illustration 10 showing a plurality of parameters x that are used as inputs to the CAVE algorithm. At least one of the parameters x is a private key uniquely associated with the handset and known only to the handset and the network. The parameters x are provided as inputs to the CAVE algorithm to obtain an authentication code. A notable feature of the CAVE algorithm is that there is no known method to invert or break it.
In an implementation of the IS-41 standard, the CAVE algorithm is executed using a microprocessor or an application-specific integrated circuit (ASIC), and the parameters x are stored in a plurality of registers (hereinafter referred to as the CAVE registers), from which they are loaded into the microprocessor or ASIC. The CAVE registers include a 32-bit linear feedback shift register (LFSR), sixteen one-octet registers (i.e., R00 to R15) and two one-octet offset registers (i.e., offset 1 and offset 2).
The authentication protocols defined by the IS-41 standard include protocols for global challenges and unique challenges, as described here. Global challenges require every handset attempting to gain system access to respond with an authentication code referred to herein as a random authentication code (AUTHR). Figure 2 illustrates the authentication protocol for a global challenge.
A network 20 issues a global challenge by generating and broadcasting a global random number (RAND) to be used by each handset (attempting to gain system access) to respond with an AUTHR. The global challenge is received by the handset 22, which uses the RAND and other information as parameters to generate the AUTHR. It should be noted that the handset 22 must respond with its AUTHR before a random or predetermined time interval expires; the network 20 issues a new global challenge upon the expiration of this time interval.
Figure 3 illustrates the parameters for generating the AUTHR in response to a global challenge. The parameters are loaded from the CAVE registers 30 into a microprocessor 32 that executes the CAVE algorithm. Specifically, the following AUTHR parameters are loaded from the CAVE registers 30 into the microprocessor 32: secret shared data A (SSD-A) from registers R00-R07; an authentication algorithm version (AAV) from register R08; a MIN1 from registers R09-R11 if the handset wishes to perform registration or a page response; the last 6 digits of the telephone number to be dialed from registers R09-R11 if the handset wishes to perform call origination; an electronic serial number (ESN) from registers R12-R15; the RAND from the LFSR; and a value of one hundred twenty-eight (128) from offsets 1 and 2. The SSD-A is a private key known only to the network 20 and the handset 22; the AAV specifies the version of the CAVE algorithm that is used to generate the authentication code; the MIN1 is the NXX-XXXX portion of a mobile identification number (MIN); and the ESN identifies the make and model of the handset 22. The RAND is typically XORed (i.e., exclusive OR) with the most significant 32 bits of the SSD-A and then XORed with the least significant 32 bits of the SSD-A.
The handset 22 responds to the global challenge by transmitting the output of the microprocessor 32 (i.e., the AUTHR) together with its MIN and ESN to the network. If the handset 22 wishes to perform call origination, the handset 22 will also include the telephone number to be dialed in its response. The network 20 uses the MIN and/or ESN in the handset's response to determine the SSD-A and AAV for the handset 22. For example, the network 20 uses one or more lookup tables that correlate MINs and/or ESNs with SSD-As and AAVs in order to determine the SSD-A and AAV for a given MIN and/or ESN. Upon determining the SSD-A and AAV for the received MIN and/or ESN, the network 20 uses the appropriate version of the CAVE algorithm (as indicated by the AAV) to independently determine its AUTHR in order to authenticate the AUTHR received from the handset 22. Specifically, the network 20 uses as input parameters for the CAVE algorithm the SSD-A and AAV values determined by the network 20, the RAND generated by the network 20, the NXX-XXXX portion of the received MIN (i.e., MIN1), the received ESN and the value of one hundred twenty-eight (128) for offsets 1 and 2. It should be noted that the 10 digits of the received telephone number are substituted for the MIN1 if the handset wishes to perform call origination. The network's AUTHR is compared to the handset's AUTHR (which is transmitted by the handset 22) to authenticate the handset 22.
If the handset's response to the global challenge fails, or if the network 20 does not use global challenges to authenticate handsets, the network 20 can issue a unique challenge to authenticate handsets. Unlike a global challenge, a unique challenge is directed to a particular handset attempting to gain system access. Figure 4 illustrates the authentication protocol for a unique challenge. The handset 22 transmits an access signal to the network 20.
The access signal includes the MIN and ESN of the handset and an indication that the handset 22 wishes to gain system access to perform a system access function, such as call origination, page response or registration. The network 20 issues a unique challenge to the handset 22 to respond with an authentication code referred to herein as a unique random authentication code (AUTHU). The unique challenge includes the MIN of the handset (to indicate the particular handset to which the unique challenge is addressed) and a unique random number (RANDU) generated by the network 20, which is to be used by the handset to respond with the AUTHU. The handset 22 receives the unique challenge and uses the RANDU and other information as parameters to generate the AUTHU.
Figure 5 illustrates the parameters for generating the AUTHU in response to a unique challenge. The parameters are loaded from the CAVE registers 30 into the microprocessor 32 executing the CAVE algorithm. Specifically, the following parameters are loaded: the secret shared data A (SSD-A) from registers R00-R07; the authentication algorithm version (AAV) from register R08; the MIN1 from registers R09-R11; the electronic serial number (ESN) from registers R12-R15; the RANDU and MIN2 from the LFSR, where the MIN2 is the NPA portion (i.e., area code) of the mobile identification number; and a value of one hundred twenty-eight (128) from offsets 1 and 2. Note that the AUTHU parameters differ from the AUTHR parameters in that the former include the RANDU and MIN2 instead of the RAND, and the MIN1 for call origination instead of the last 6 digits of the telephone number to be dialed. The handset 22 responds by transmitting its AUTHU to the network 20 together with its MIN, ESN and/or the telephone number to be dialed. The network 20 uses the MIN and ESN received in the handset's response to generate its own AUTHU for comparison with the handset's AUTHU (for purposes of authenticating the handset 22).
Both of the authentication protocols described above have weaknesses that make it possible for an impostor or cloner to steal services from a network by impersonating a legitimate handset. These weaknesses are typically exploited through replay attacks, in which the impostor intercepts an authentication code transmitted by a legitimate handset and replays (or retransmits) the intercepted authentication code to the network. In this way, the impostor passes itself off as the legitimate handset in order to gain system access to the network.
Figure 6 illustrates how an impostor or cloner can respond to a global challenge using a replay attack. The impostor comprises a network impostor 36 (to present itself as a legitimate network to a legitimate handset) and a handset impostor 38 (to present itself as a legitimate handset to a legitimate network). The network impostor 36 obtains the MIN and ESN of a victim handset 22 (i.e., the legitimate handset) by listening to communication channels on which the victim handset 22 typically transmits its MIN and ESN; that is, the network impostor 36 intercepts the MIN and ESN of the victim handset. At about the same time or some time thereafter, the handset impostor 38 listens for the RAND broadcast by the network 20 in a global challenge. The handset impostor 38 relays the RAND to the network impostor 36, which pages the victim handset 22 (i.e., requests the victim handset 22 to respond with a page response) and issues a false global challenge with the RAND received by the handset impostor 38 (and issued by the legitimate network 20). The victim handset 22 receives the page from the network impostor and the global challenge (with the RAND) and determines an AUTHR using the RAND and its SSD-A, AAV, MIN1 and ESN (and the value of one hundred twenty-eight (128) for the offsets).
Upon determining its AUTHR, the victim handset responds to the network impostor's page and global challenge with its MIN, ESN and AUTHR. The network impostor 36 listens to the victim handset's response and relays it to the handset impostor 38, which replays or sends it to the network 20 as the handset impostor's response to the global challenge.
The replay attack on global challenges described above is effective for handset impostors attempting to gain system access to perform a page response or registration, because the victim handset determines the AUTHR using the MIN1. Gaining system access to perform page response and registration allows the handset impostor 38 to register as the victim handset 22 and receive telephone calls dialed to the victim handset's telephone number. However, the replay attack of Figure 6 does not allow the handset impostor 38 to gain system access to perform call origination, because the last 6 digits of the telephone number to be dialed are not used by the victim handset as a parameter to determine the AUTHR (as required for call origination). Since the impostor cannot make the victim handset 22 determine an AUTHR using a specific telephone number (i.e., the telephone number that the impostor wishes to dial), the replay attack described above cannot be used by the impostor to perform call origination.
The impostor can, however, modify the replay attack of Figure 6 to successfully respond to challenges on call origination by using the MIN1 as the least significant 6 digits of the telephone number to be dialed, as will be described here. As previously mentioned, the MIN1 is a 7-digit value stored in registers R09-R11, which comprise 24 bits (i.e., 8 bits per octet). Without encoding, 4 bits are used to represent a single digit.
Thus, 28 bits (that is, 4 bits multiplied by 7 digits) are required to represent the unencoded 7-digit MIN1. Since the R09-R11 registers comprise only 24 bits, the 7-digit MIN1 must be encoded so that it can be represented using 24 bits (thus allowing the 7-digit MIN1 to fit within the R09-R11 registers). If the 24 bits representing the 7-digit MIN1 (hereinafter referred to as the "encoded MIN1") can be mapped to a 6-digit number, then a modification of the replay attack of Figure 6 can be used to successfully respond to challenges on call origination.
For example, the network impostor 36 listens for MINs transmitted by the handsets of possible victims. When the network impostor 36 finds a victim handset 22 with a MIN1 that, when encoded, can be mapped to a 6-digit number (this victim handset is also referred to herein as a mapped handset), the impostor is ready to attack the authentication protocol. The handset impostor 38 then listens for the RAND transmitted by the network 20. The RAND is relayed to the network impostor 36, which pages and issues a challenge (with the RAND) to the mapped handset 22. The mapped handset 22 responds with its AUTHR, which is determined using its MIN1. The network impostor 36 receives the AUTHR of the mapped handset 22 and relays it to the handset impostor 38, which transmits the AUTHR, ESN and MIN of the victim handset and a false telephone number. The false telephone number comprises a first part and a second part. The first part is the most significant digits of the false telephone number and includes a telephone number that the impostor wishes to dial. The second part is the least significant digits of the false telephone number and includes the 6 digits mapped to the encoded MIN1 of the victim handset.
When the network 20 receives the response from the handset impostor, the network 20 will use the least significant 6 digits of the false telephone number (that is, the second part) to determine its AUTHR. The network's AUTHR will match the AUTHR in the impostor's response (i.e., the victim handset's AUTHR, determined using its MIN1), and the entire false telephone number will be provided to one or more communication networks (for example, local and long distance exchanges) to complete the telephone call. The communication networks will use as many of the most significant digits of the false telephone number as necessary to complete or route the telephone call. The first part of the false telephone number will provide the communication networks with sufficient information to complete or route the call. The second part of the false telephone number will be ignored by the communication networks, because all the information necessary to complete the call has already been provided by the first part. In this way, the second part does not affect the routing to the telephone number indicated by the first part, but it helps the handset impostor to gain system access to perform call origination.
Figure 7 illustrates how an impostor or cloner can respond to a unique challenge using a replay attack. A replay attack on a unique challenge begins with the network impostor 36 obtaining the MIN and ESN of the victim handset 22. The MIN and ESN are relayed to the handset impostor 38, which uses the MIN and ESN to request system access to the network 20. The network 20 issues a unique challenge by generating and transmitting to the handset impostor 38 a RANDU together with the MIN of the victim handset 22 (used by the handset impostor 38 to request system access).
The handset impostor 38 relays the RANDU to the network impostor 36, which in turn sends a unique challenge (using the RANDU and the MIN of the victim handset) to the victim handset 22. The victim handset 22 responds with an AUTHU determined using the RANDU. The network impostor 36 relays the AUTHU to the handset impostor 38, which in turn replays the AUTHU in response to the unique challenge presented to the handset impostor 38 by the network 20. The AUTHU transmitted by the handset impostor 38 will match the network's AUTHU for the victim handset 22; in this way the handset impostor 38 gains system access to the network 20. Unlike global challenges, the telephone number dialed by the victim handset or the handset impostor is never a function of the AUTHU. Thus, the handset impostor can effectively respond to a unique challenge and gain system access to perform system access functions, including call origination.
Accordingly, there is a need to reinforce authentication protocols against replay attacks by handset impostors performing call origination.
SUMMARY OF THE INVENTION
The present invention reinforces authentication protocols by making it more difficult for handset impostors to perform call origination using replay attacks. The present invention achieves this goal by using the most significant digits of a dialed telephone number as a parameter to determine authentication codes. Using the most significant digits makes it harder for impostors to successfully use replay attacks on call origination, where the replay attacks involve appending digits to the telephone number to be dialed. In one embodiment of the present invention, the most significant 15 or 18 digits of the dialed telephone number are used as a parameter to determine an authentication code.
An impostor attempting to perform call origination using the authentication code determined by the legitimate handset will not be able to route a telephone call to any telephone number other than the one dialed by the legitimate handset. If the impostor tries to dial a different telephone number, the network will determine its authentication code using the different telephone number. This authentication code determined by the network will be different from the authentication code determined by the legitimate handset (and used in a replay attack by the impostor). In this way, the impostor will not be authenticated by the network and will be denied system access.
BRIEF DESCRIPTION OF THE DRAWINGS
The features, aspects and advantages of the present invention will be better understood with respect to the following description, appended claims and accompanying drawings, wherein: Figure 1 illustrates a plurality of parameters x used as inputs to a CAVE algorithm; Figure 2 illustrates the authentication protocol for a global challenge; Figure 3 illustrates the parameters for generating an AUTHR in response to a global challenge; Figure 4 illustrates the authentication protocol for a unique challenge; Figure 5 illustrates the parameters for generating the AUTHU in response to a unique challenge; Figure 6 illustrates how an impostor or cloner can respond to a global challenge using a replay attack; Figure 7 illustrates how an impostor or cloner can respond to a unique challenge using a replay attack; Figure 8 illustrates the authentication protocol employed in accordance with the present invention; Figure 9 illustrates a way to determine the AUTH in a handset and a network in response to a challenge; and Figure 10 illustrates a way to combine a dialed telephone number with other parameters to determine an authentication code.
DETAILED DESCRIPTION
For purposes of illustration, the present invention is described herein with respect to the authentication protocols defined by the well-known IS-41 standard. However, this should not be considered as limiting the present invention in any way. It should be apparent to a person of ordinary skill in the art how to apply the principles of the present invention to other authentication protocols.
Figure 8 illustrates an authentication protocol employed in accordance with the present invention. A wireless communications network or an authentication center 60 issues a challenge to a handset 62 attempting to perform call origination. Specifically, the network 60 generates and transmits a random number (RANDOM), which is to be used by the handset 62 to determine an authentication code (AUTH) in response to the challenge. The challenge can be a global challenge or a unique challenge. In the case of the latter, the network 60 will also transmit a mobile identification number (MIN) that specifies the handset to which the challenge is issued. It should be noted that the random number (RANDOM) is a string of characters comprising alphanumeric and/or numeric characters.
Upon receiving the challenge, the handset 62 determines the AUTH using the RANDOM and a first set of information associated with the handset 62 as parameters for its cryptographic function, such as the CAVE algorithm. The handset 62 transmits the AUTH and a second set of information associated with the handset 62 to the network 60 as its response to the network's challenge. The second set of information may include all or a portion of the first set and is used by the network 60 to determine its own AUTH for purposes of authenticating the handset 62. The first and second sets of information shall at least include the telephone number that the handset 62 dials (also referred to herein as the "dialed telephone number").
The present invention reinforces the authentication protocol by using the most significant digits of the dialed telephone number as a parameter to determine the AUTH, as will be described here.
Figure 9 illustrates a way to determine the AUTH at the handset 62 (and the network 60) in response to a challenge. The parameters used to determine the AUTH (i.e., the first set of information) are stored in a plurality of registers 70 and are subsequently provided as input to a cryptographic function executing on a microprocessor 72. In current implementations of the IS-41 standard, the plurality of registers 70 include a 32-bit linear feedback shift register (LFSR), sixteen one-octet registers R00 to R15 and two one-octet offset registers (offset 1 and offset 2).
When the handset 62 attempts to perform call origination, the following parameters are loaded into the registers 70 to determine the AUTH: secret shared data A (SSD-A) in registers R00-R07; an authentication algorithm version (AAV) in register R08; the MIN1 in registers R09-R11 if the handset is responding to a unique challenge on call origination; the 6 least significant digits of the dialed telephone number in registers R09-R11 if the handset is responding to a global challenge on call origination; the electronic serial number (ESN) in registers R12-R15; the RANDOM in the LFSR if the handset is responding to a global challenge; the RANDOM and MIN2 in the LFSR if the handset is responding to a unique challenge; and offset values of one hundred twenty-eight (128) in offset registers 1 and 2. The SSD-A is a private key known only to the network 60 and the handset 62; the AAV specifies the version of the CAVE algorithm that is used to generate the authentication code; MIN1 and MIN2 are the NXX-XXXX and NPA portions, respectively, of the MIN; and the ESN identifies the make and model of the handset 62.
Before the parameters are loaded into the registers 70, the RAND is typically XORed with the 32 most significant bits of the SSD-A, and then XORed with the least significant 32 bits of the SSD-A.
The present invention can be incorporated into current implementations of the IS-41 standard by substituting the most significant digits of the dialed telephone number for one or more of the parameters of the current implementations of the IS-41 standard (hereinafter referred to as "IS-41 parameters"), or by combining the most significant digits of the dialed telephone number with one or more IS-41 parameters, so that the most significant digits of the dialed telephone number become a parameter for determining the AUTH. The present invention will now be discussed with reference to an embodiment that is incorporated into the current implementations of the IS-41 standard. However, this should not be considered as limiting the present invention in any way.
An objective of the present invention is to replace or combine the IS-41 parameters with as many as possible of the most significant digits of the dialed telephone number. The greater the number of most significant digits substituted for or combined with the IS-41 parameters, the more difficult it is for the impostor to use a replay attack to perform call origination. Ideally, the entire dialed telephone number is substituted for or combined with the IS-41 parameters, to determine an AUTH that would be very difficult for an impostor to use successfully in a replay attack. For example, suppose that a legitimate handset receives a challenge and determines an AUTH using the RANDOM in the challenge and a first set of information (comprising the IS-41 parameters and the dialed telephone number). The legitimate handset subsequently responds by transmitting its AUTH and a second set of information (comprising the dialed telephone number and its MIN and ESN).
Also suppose that the dialed telephone number is "12125551212". If only the four most significant digits of the telephone number are used to determine the AUTH (by the legitimate handset and the network), then an impostor who intercepts the response (of the legitimate handset) can use the AUTH contained within the intercepted response (and determined by the legitimate handset) to dial any telephone number within the same area code as the telephone number dialed by the legitimate handset (i.e., area code 212). If the 7 most significant digits are used to determine the AUTH, then the impostor can only use the same AUTH to dial another telephone number within the same area code and exchange (i.e., area code 212 and exchange 555), making it more difficult for the impostor to use the AUTH to perform call origination. If the complete telephone number is used to determine the AUTH, then the impostor can only use the same AUTH to perform call origination to the same telephone number dialed by the legitimate handset.
For purposes of illustration, the present invention will be described herein using an example that combines an entire dialed telephone number with the AAV, MIN1 and ESN parameters to determine an AUTH in response to a unique challenge. It should be noted that the entire dialed telephone number should not be longer than 15 digits if the telephone number complies with the well-known E.163 numbering plan, which specifies that the longest telephone number should not be greater than 15 digits in length (which includes 3 digits for international dialing access). In this example, as illustrated in Figure 10, each digit of the dialed telephone number is converted to a 4-bit value using table 84 and subsequently combined with the AAV, MIN1 and ESN parameters using the XOR binary operation (see tables 80 and 82).
Typically, the 4-bit value representing the most significant digit of the dialed telephone number is XORed with the upper 4 bits in register R08 (i.e., part of the AAV). The result of the XOR binary operation is stored in the upper 4 bits of register R08. The 4-bit value representing the second most significant digit of the dialed telephone number is XORed with the lower 4 bits in register R08. The result of this XOR binary operation is stored in the lower 4 bits of register R08. This process is repeated until the 4 bits representing the fifteenth most significant digit of the dialed telephone number have been XORed with the upper 4 bits in register R15 (i.e., part of the ESN parameter), and the result of the XOR binary operation is stored in the upper 4 bits of register R15. If the dialed telephone number is less than 15 digits long, a null value can be XORed with the remaining bits in registers R08-R15 that have not been XORed (up to the upper 4 bits of register R15).
The results of the binary operations stored in registers R08-R15 are provided as input (together with the parameters stored in other parts of the registers 70) to the cryptographic algorithm to determine an AUTH. The output AUTH is transmitted from the handset 62 together with a second set of information (including the dialed telephone number) to the network 60, for purposes of authenticating the handset 62. The network 60 will determine its own AUTH using the RAND and the second set of information. An impostor who intercepts the transmission of the handset 62 will not be able to use the AUTH in the transmission to route a call to a telephone number other than the telephone number dialed by the handset 62. In this way, the authentication protocol is reinforced.
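The Figure 10 mixing step and the digit-coverage trade-off described above, as an added Python example that is not part of the patent text. HMAC-SHA-256 stands in for CAVE, and the digit-to-nibble mapping (0 encoded as 0xA so that a dialed zero differs from null padding), the register contents and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

COVERED_DIGITS = 15  # upper nibble of R08 through upper nibble of R15


def digit_nibbles(number, count=COVERED_DIGITS):
    """4-bit values for the `count` most significant digits, null-padded to 15.

    Assumed mapping (the patent's table 84 is not reproduced on the page):
    1-9 map to themselves, 0 maps to 0xA, and the null padding value is 0.
    """
    if not (number.isascii() and number.isdigit()):
        raise ValueError("dialed number must contain only decimal digits")
    if not 0 <= count <= COVERED_DIGITS:
        raise ValueError("count must be between 0 and 15")
    nibbles = [int(d) or 0xA for d in number[:count]]
    return nibbles + [0] * (COVERED_DIGITS - len(nibbles))


def mix_dialed_digits(r08_r15, number, count=COVERED_DIGITS):
    """XOR the digit nibbles into R08..R15, most significant digit first."""
    if len(r08_r15) != 8:
        raise ValueError("expected the 8 octets of registers R08-R15")
    # A 16th nibble of 0 leaves the lower 4 bits of R15 unchanged.
    nibbles = digit_nibbles(number, count) + [0]
    return bytes(
        reg ^ ((nibbles[2 * i] << 4) | nibbles[2 * i + 1])
        for i, reg in enumerate(r08_r15)
    )


def auth_code(ssd_a, r08_r15, lfsr):
    """Stand-in for CAVE (assumption): HMAC-SHA-256 keyed with SSD-A, 4 bytes."""
    return hmac.new(ssd_a, r08_r15 + lfsr, hashlib.sha256).digest()[:4]


def handset_auth(ssd_a, base_regs, lfsr, dialed, count=COVERED_DIGITS):
    """AUTH as the handset computes it for the number it is dialing."""
    return auth_code(ssd_a, mix_dialed_digits(base_regs, dialed, count), lfsr)


def network_accepts(ssd_a, base_regs, lfsr, received_auth, received_number,
                    count=COVERED_DIGITS):
    """Network side: recompute AUTH from the received number and compare."""
    try:
        expected = handset_auth(ssd_a, base_regs, lfsr, received_number, count)
    except ValueError:
        return False  # malformed dialed number is never authenticated
    return hmac.compare_digest(expected, received_auth)


# Constructed sample values (not from the patent).
SSD_A = bytes.fromhex("0123456789abcdef")         # R00-R07
BASE_R08_R15 = bytes.fromhex("c71234569abcdef0")  # AAV | MIN1 | ESN
LFSR = bytes.fromhex("a1b2c3d4")                  # RANDU and MIN2 as loaded
LEGIT_NUMBER = "12125551212"
OTHER_NUMBERS = ["12125559999", "12129990000", "13125551212"]


def numbers_accepted_for_captured_auth(count):
    """Numbers for which one AUTH from LEGIT_NUMBER still verifies, given
    that only the `count` most significant digits are mixed in."""
    auth = handset_auth(SSD_A, BASE_R08_R15, LFSR, LEGIT_NUMBER, count)
    return [n for n in [LEGIT_NUMBER] + OTHER_NUMBERS
            if network_accepts(SSD_A, BASE_R08_R15, LFSR, auth, n, count)]


if __name__ == "__main__":
    print(mix_dialed_digits(BASE_R08_R15, LEGIT_NUMBER).hex())
    for covered in (4, 7, COVERED_DIGITS):
        print(covered, numbers_accepted_for_captured_auth(covered))
```

With 4 or 7 digits covered, the same AUTH verifies for every sample number sharing that prefix; with all 15 digit positions covered it verifies only for the number the handset actually dialed.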
Although the present invention has been described in considerable detail with respect to certain embodiments of wireless communications networks using authentication protocols based on the IS-41 standard, other versions are possible. For example, the entire dialed telephone number can be combined with different IS-41 parameters; a predetermined number of the most significant digits of the dialed telephone number can be combined with the IS-41 parameters; and the dialed telephone number can be coded before combining it with the IS-41 parameters (for example, coding every 3 digits in 10 bits). It will be readily apparent to a person of ordinary skill in the art that the present invention is equally applicable to other types of authentication protocols, different cryptographic functions or encryption algorithms, and different numbering plans (e.g., ISDN E.164, which specifies that the longest telephone number should not be greater than 18 digits in length, including international access dialing). Therefore, the spirit and scope of the present invention will not be limited to the description of the embodiments contained herein. It is noted that, as of this date, the best method known to the applicant for carrying out the aforementioned invention is that which is clear from the present description of the invention. Having described the invention as above, property is claimed as contained in the following:

Claims (17)

  1. A method for authenticating in a wireless communication system, characterized by the steps of: receiving from the user a first authentication code and a telephone number to be dialed; determining a second authentication code using a set of the most significant digits of the telephone number to be dialed; and authenticating the user using the first authentication code and the second authentication code.
  2. The method according to claim 1, characterized in that the user is authenticated if the first authentication code is identical to the second authentication code.
  3. The method according to claim 1, characterized in that the user does not authenticate if the first authentication code is identical to the second authentication code.
  4. A method for authenticating a mobile-transmitter in a network, characterized by the steps of: transmitting a challenge to the mobile-transmitter; receiving a response to the challenge from the mobile-transmitter, the response having a first authentication code, information associated with the mobile-transmitter and a telephone number to be dialed; determining a second authentication code using the information associated with the mobile-transmitter and a set of the most significant digits of the telephone number to be dialed; and authenticating the mobile-transmitter using the first authentication code and the second authentication code.
  5. The method according to claim 4, characterized in that the set of the most significant digits includes the 15 most significant digits of the telephone number to be dialed.
  6. The method according to claim 4, characterized in that the set of the most significant digits includes the 18 most significant digits of the telephone number to be dialed.
  7. The method according to claim 4, wherein the network includes a string of characters and the second authentication code is determined using the string of characters.
  8. The method according to claim 4, characterized in that the second authentication code is determined using other parameters.
  9. The method according to claim 8, characterized in that the set of the most significant digits is combined with some of the other parameters.
  10. The method according to claim 8, characterized in that the set of the most significant digits is replaced by some of the other parameters.
  11. A method for a mobile-transmitter to respond to a challenge issued by a network, characterized by the steps of: receiving a challenge with a character string at the mobile-transmitter; determining an authentication code using a set of the most significant digits of a telephone number to be dialed and the character string; and transmitting a response to the challenge from the mobile-transmitter, the response having the authentication code and the telephone number to be dialed.
  12. The method according to claim 11, characterized in that the set of the most significant digits includes the 15 most significant digits of the telephone number to be dialed.
  13. The method according to claim 11, characterized in that the set of the most significant digits includes the 18 most significant digits of the telephone number to be dialed.
  14. The method according to claim 11, characterized in that the response includes information associated with the mobile-transmitter.
  15. The method according to claim 11, characterized in that the authentication code is determined using other parameters.
  16. The method according to claim 15, characterized in that the set of the most significant digits is combined with any of the other parameters.
  17. The method according to claim 15, characterized in that the set of the most significant digits is replaced by one of the other parameters.
MXPA/A/1998/010832A 1998-01-05 1998-12-16 Effective use of digits marked in the origin of flame MXPA98010832A (en)

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
US002852 1998-01-05

Publications (1)

Publication Number Publication Date
MXPA98010832A true MXPA98010832A (en) 1999-09-20
